Introduction To The Certification And Accreditation Process (C&Amp;A) Within The U.S. Government

No ratings

Presented at Blackhat USA 2004 by

Jeff Waldron

The United States Federal Government has recently become very active in the arena of Information Assurance (IA) procedures. One such area is the Certification and Accreditation (C & A) of Information Technology (IT). The first document used by the U.S Government for C & A was published in 1993. It was called the Department of Defense Trusted Computer System Evaluation Criteria, also known as the Orange Book. Other directives to deal with the modern threat to IT have recently superceded the Orange Book. These new processes are the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and the National Information Assurance Certification and Accreditation Process (NIACAP).  Both attempt to bring the U.S Government into the modern times of IT security because much has changed since the creation of the Orange Book.